Exploit Sat on LA Times Website for 6 Weeeks

from»krebsonsecurity.com/2013/02/expl ··· 6-weeks/"...The Los Angeles Times has scrubbed its Web site of malicious code that served browser exploits and malware to potentially hundreds of thousands of readers over the past six weeks..."

time it took to neuter aside, further confirmation of how javascript (used as a entry vector) should be controlled always

Cudni--"what we know we know the same, what we don't know, we don't know it differently." Help yourself so God can help you.Microsoft MVP, 2006 - 2012/13

By defaultNoScript blocks JavaScript from running from any not allowed web site. And this specific not allowed (or any, for that matter - now how about that!) "third-party Web site" is covered by that.Well gee, that was easy.Protected.(At the least from JavaScript exploits from those domains.)

Plus we have all those scanning (you name it: websites, like Google, & A/V programs that scan websites, & those websites that specifically scan other websites looking for exploits, all those "safe or trustworthy" scanners - WOT, McAfee, Safe Browsing Diagnostic, hpHost Report, Webmaster Tips Site Information, & on & on ...) & guess what, none of them picked up this malware on LAT, & so they did little or nothing in protecting you in that regard.

So go ahead, put your trust in WOT, heh.

(Reading further, quickly, I see that AVAST did pick up on something, so it may have helped somewhat?)

Avast dutifully notified me last night by way of another popup that this news story had occurred.I hate it. I hope I cancelled the right notification in settings, or I won't be notified if something actually bad has occurred on my machine./Broken record re: Avast & Popups-- ~ Project Hope ~